Computer Engineering and Applications ›› 2019, Vol. 55 ›› Issue (3): 83-89.DOI: 10.3778/j.issn.1002-8331.1711-0246
Previous Articles Next Articles
LI Yihong, DU Zhenyu, HU Jinsong
Online:
Published:
李翼宏,杜镇宇,胡劲松
Abstract: By studying the defense scheme of APT attacks, this paper proposes an effective network feature filtering algorithm based on [k]-means++ clustering to deal with the problem of high dimensionality of network features which extracted from APT samples. Firstly, this algorithm divides the original feature set into APT traffic feature set and normal traffic feature set by the clustering method. Then, it calculates the degree of variation of clustering performance after removing a certain dimension feature. Finally, the degree of discrimination of the feature vector is evaluated according to the result. Among them, the effective feature vector is whose discrimination degree exceeds the set threshold. The purpose of this paper is to filter out the effective features from the extracted original feature sets. In this way, it can reduce the dimensionality of the features so as to reduce the space-time overhead of subsequent threat intelligence formation and detection. The experimental results show that the proposed algorithm is feasible and has some advantages over other filtering algorithms.
Key words: APT attack, network features, dimension reduction, [k]-means ++, discrimination
摘要: 在研究APT攻击的防御方案过程中,针对提取APT样本网络特征的维数过高问题,提出一种基于[k]-means++聚类的APT样本有效网络特征筛选算法。该算法的思路是首先基于聚类的思想将提取的原特征集划分成APT流量特征集与背景流量特征集,然后计算去掉某一维特征向量后聚类性能的变化程度,最后根据该结果评价该特征向量的区分度。其中,有效特征向量即为区分度超过设定阈值的特征向量。目的就是从提取的原特征集中筛选出有效特征,达成对特征的降维,从而降低后续威胁情报形成和部署检测工作的时空开销。实验结果表明,该算法具有一定可行性,针对此问题相比于其他筛选算法具有一定的优势。
关键词: APT攻击, 网络特征, 降维, [k]-means++, 区分度
LI Yihong, DU Zhenyu, HU Jinsong. Effective Network Feature Filtering Algorithm for APT Samples[J]. Computer Engineering and Applications, 2019, 55(3): 83-89.
李翼宏,杜镇宇,胡劲松. APT样本的有效网络特征筛选算法[J]. 计算机工程与应用, 2019, 55(3): 83-89.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.1711-0246
http://cea.ceaj.org/EN/Y2019/V55/I3/83